Forward this newsletter to colleagues and friends: use the "forward email" link below at left, rather than "Forward" in your email software, to preserve your privacy, give the recipient more options (their own unsubscribe link, etc.) and to give us better click-through data from ConstantContact. Thanks!

Bob Benson: "Keep No Secrets"

Bob Benson, another Cutter Consortium Senior Consultant, just co-authored with Pieter Ribbers and Ron Blitstein a book entitled "Trust and Partnership: Strategic IT Management for Turbulent Times." The authors address the perennially difficult relationship between the business and IT.Some of the key points are that trust is based on performance, so there is no reason for an executive to accept poor performance. Secondly, the business and IT must recognize that they have successive levels of capabilities, from the most strategic to the most tactical; their respective capabilities are similar but distinct; and they need to be aligned -- there needs to be an IT capability matching each business capability.Finally, a key message is "keep no secrets": what IT does, how it does it, and how well needs to be exposed to everyone in the organization. Mistrust often arises from lack of transparency.

Storm Cloud: Data Residency and Privacy

Data residency and privacy are two of the concerns customer have about placing data in the cloud, but until now these were largely separate issues.Data residency is about the legal right to store certain data outside of the country of the data owner, and there have been conflicting signals. Foreign oil companies have long forbidden service companies from locating their oilfield data outside of the country. Conversely, a Danish bank obtained last year the authorization to place customer data outside of Denmark (given the absence of a major cloud provider inside the country). And in Mexico, where some government agencies routinely invoke data residency regulations as an argument against cloud adoption, it seems that these regulations are in fact nowhere to be found.Privacy is about the risk that "personally identifiable information" or PII could be made available to people who have no right to see it, including intruders or a cloud provider's system administrators. This is a concern regardless of where the data is stored.The two issues almost accidentally converged when Microsoft was ordered by a U.S. judge to turn over e-mails that are held in one of its servers located in Ireland (see the Washington Post article). Ironically, the fact that data related to U.S. users is held outside of the country may help maintain its privacy!

IoT Security News

We've deplored in previous issues the fact that the enthusiasm for the Internet of Things (IoT) and the technology that enables it were not matched by an equal interest in its security. A hopeful sign comes from Vanderbilt University's Institute of Software Integrated Systems (ISIS), which has simulated the impact of a cyberattack on the traffic systems regulating heavily traveled highways and is designing measures to recognize such attacks. The project goes by the unwieldy name of Smart Roads Cyber-Physical Systems.Readers interested in IoT developments are advised to check the increasing number of reports and updates written in recent months by Cutter Consortium consultants. Visit www.cutter.com, search on "IoT" or "Internet of Things," and if you want to know how to access this growing body of knowledge, let us know.In related news, the GSM Association (GSMA) reports that China is a hotbed of IoT developments, thanks to strong support from the government. The report says that China now accounts for 40% of machine-to-machine connections worldwide, although one may question how these connections are counted.

Seen Recently...

"Today's technology will be obsolete in a year, but true visions last over 100 years."